Last updated: July 2026
This Privacy Policy explains how AIMESSALES AB ("AIMES," "we," "us," or "our"), a company registered in Sweden, collects, uses, and protects information when you use our AI-powered sales messaging platform ("Service").
We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).
Understanding who controls data is important for privacy compliance:
AIMES as Data Controller: We are the data controller for personal data about our users (organization owners, admins, and sales representatives who use our platform). This includes account information, login data, and usage analytics.
AIMES as Data Processor: For the business data you input into the Service (prospect information, company details, interaction notes), your organization is the data controller, and we act as a data processor on your behalf. Your organization is responsible for ensuring lawful collection and use of this data.
When you create an account, we collect:
When you use the Service, we automatically collect:
Payment card details are collected and processed directly by Stripe, our payment processor. We do not store your full card number on our servers.
You may input business data into the Service, including:
Your organization is the data controller for this business data. You are responsible for ensuring you have the right to input this data and that its use complies with applicable laws.
We use your data for the following purposes, each with a legal basis under GDPR Article 6:
Where we rely on legitimate interest, we have assessed that our interest is not overridden by your rights and freedoms. You may object to such processing as described in Section 9.
We share your data with the following third-party service providers (subprocessors) who help us deliver the Service:
| Provider | Purpose | Location | |----------|---------|----------| | OpenAI | AI processing for analysis generation | United States | | Supabase (AWS) | Database hosting and authentication | EU (Frankfurt, Germany) | | Vercel | Application hosting and delivery | Global (edge locations) | | Stripe | Payment processing | United States / EU |
All subprocessors are bound by data processing agreements that require them to protect your data and use it only for the specified purposes.
We use strictly necessary cookies only. These cookies are essential for the Service to function and include:
We do not use advertising cookies, analytics cookies, or any other non-essential cookies. Because our cookies are strictly necessary for the Service, consent is not required under GDPR.
We retain your data for the following periods:
Account data: Retained while your account is active and for a reasonable period thereafter to allow for account recovery
Business data: Retained while your organization's account is active. When an organization is deleted, all associated data is permanently removed after a 30-day grace period.
Audit logs: Login history and security events are retained for up to 12 months for security and compliance purposes
Authentication records: May be retained for up to 90 days after account deletion for security and fraud prevention purposes
Under GDPR and other applicable laws, you have the following rights regarding your personal data:
How to exercise your rights: You can update or delete your account directly through the Service settings. For data export or other requests, please contact us at info@aimessales.com. We will respond within 30 days.
For business data: If you are a prospect whose data has been entered into our Service by one of our customers, please contact that organization directly to exercise your data rights. They are the data controller for your information.
Our primary data storage is in the European Union (AWS eu-central-1, Frankfurt, Germany), which provides strong data protection.
Some of our subprocessors, including OpenAI, are based in the United States. When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, including:
We implement appropriate technical and organizational measures to protect your data, including:
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect.
Your continued use of the Service after the effective date constitutes acceptance of the updated Privacy Policy.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
AIMESSALES AB
Org. no. 559575-4291
Rörstrandsgatan 54
113 40 Stockholm, Sweden
Email: info@aimessales.com
You also have the right to lodge a complaint with a supervisory authority. In Sweden, this is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).